NetChk provides protection against latest Adobe Reader exploit

Exploitable vulnerabilities in latest release of Adobe Reader closed with the protect any patch anywhere capabilities of NetChk from Shavlik Technologies

Shavlik Technologies has commented on the new exploitable bugs in the recently released Adobe Reader 8.1.3. Shavlik reports that the company's NetChk Protect customers are protected from these malicious security threats, but for those organizations that rely on patch management solutions limited to Microsoft only applications, there will be some pain.

"The threat landscape continues to broaden, and organizations can no longer assume that the biggest risk is to their Microsoft applications, and non-Microsoft applications can be handled as the threats emerge. Adobe Reader is an application that resides on most user desktops," said Chris Schwartzbauer, VP Worldwide Field Operations, Shavlik Technologies. "For Shavlik customers, this threat is a non-event, because our software provides them with a way to simplify and automate the full patch cycle for all Microsoft applications AND hundreds of non-Microsoft applications residing on their high value server and desktop assets. Our solutions reduce the risk to our customers' networks and actually allow them to demonstrate a clear financial return as a result of eliminating hours of manual effort."

This week, Adobe released a new version of Reader 8.1.3 that fixes several exploitable bugs in 8.1.2 and prior versions of this popular Reader software. Exploit code on this reader was posted to the milw0rm.com site and is fully functional.

Sites relying on Microsoft's patch solutions that employ the Windows Update set of APIs, such as WSUS, SMS, SCCM and others, are not protected against these exploitable bugs and may not even know it.

The threats include two payloads that can be easily activated. The first (default) payload launches an executable file called calc.exe for testing purposes. The second payload creates a bind shell for remote access. These payloads can be modified very easily to any arbitrary payload with very little skill required. These threats can impact thousands of legitimate Web sites and deliver previous Adobe exploits to an organization's network via the "Drive By" hacking techniques.

Shavlik reports that it's NetChk Protect Any Patch, Any Where technology protects its customers from this serious security vulnerability. Shavlik continues to be the industry leader in response time and support of newly available vendor patches. In addition to a solution architecture that streamlines integration of in-the-box support for new patches, Shavlik NetChk Protect also provides custom patch editor with a wizard-like interface for creating and maintaining custom patches. Combined with the Dynamic Product Detection capabilities in the NetChk Protect scan engine, customers can patch virtually any Windows application on their network.